Release Notes (2023-01)

January release notes detailing the evolution of the Stairwell platform

January 18th, 2023

Variant Discovery API - Additional Variant File Hashes

Stairwell’s malware variant discovery through Inception provides each security team member with unique value by quickly identifying similar files, either in your organization or in the wild. This saves every member of your security team time that they can spend keeping you a step ahead.

File hashing is used to provide a unique fingerprint or identifier for a file, but many systems on the market only support one type of file hash. 

Currently, the variant discovery API returns only the SHA-256 hash of variant files. Because SHA-256 is the most recent hashing algorithm, customers frequently have to calculate or discover the MD5 or SHA-1 hashes of the variants another way, and there can be a lot of variants.

We’ve updated our variant discovery API responses to include the MD5 and SHA-1 hash of variant files.

January 12th, 2023

Additional pivots from dashboard

You can click on additional elements within the dashboard to quickly pivot into respective details.

The following screenshot highlights which dashboard panels are now clickable:

As indicated above, you can drill into:

  • Total coverage (routes to the assets page)
  • Assets added (routes to the assets page)
  • New YARA rules (routes to the YARA rules page)
  • Latest YARA matches on your objects (routes to the YARA rules page)
  • Objects received (routes to the search page with recent objects pre-populated)
  • Objects flagged by AV (routes to the search page with recent objects that also have AV hits pre-populated)

January 11th, 2023

Enhancement: Search from Variant Discovery

Inception’s variant discovery provides users with a way to discover similar malware samples in seconds. It takes all of the pivoting and analysis out of hunting and provides quick results.

Previously users could copy the variant hashes and search, but now you can do it more quickly from the context menu on the variant discovery tab of any object:

January 10th, 2023

New Feature: Shannon Entropy on files 🎉

Entropy measures the randomness of data, or how predictable the pattern of bytes within a file is. As malware authors attempt to obfuscate code and data sections, they alter the natural entropy of their files. Examples of file characteristics, in increasing order of entropy for the given data, are as follows:

  • blocks of the same data, NOP sleds, or potentially a zeroed-out section that data will be unpacked into
  • standard English text, i.e. strings stored in the data section
  • opcodes generated by x86/x64 compiled C code
  • XOR encoding with a key > 1 byte, block cipher encryption
  • packers and compression algorithms
  • stream cipher encryption, i.e. a file infected by ransomware

It should be noted that, while a weak indicator, a very high entropy for a non-compressed file may be indicative of malicious activity.
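As an added illustration (not Stairwell's code), the following Python computes Shannon entropy over constructed byte samples that match the categories above, and scans a constructed file in fixed-size windows to locate the high-entropy region inside it. The sample data, the 512-byte window and the 7.0 bits/byte threshold are assumptions chosen for the demonstration.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte: 0.0 when every byte is
    identical, 8.0 when all 256 values occur equally often."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def windowed_entropy(data: bytes, window: int = 512) -> list:
    """Entropy of each consecutive `window`-byte chunk, so a packed or encrypted
    region stands out inside an otherwise ordinary file."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def high_entropy_chunks(data: bytes, window: int = 512, threshold: float = 7.0) -> list:
    """Indices of chunks above `threshold`; 7.0 bits/byte is a common rule of thumb
    (an assumption here) for compressed or encrypted content."""
    return [i for i, e in enumerate(windowed_entropy(data, window)) if e > threshold]


def xor_encode(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, used only to show how a multi-byte key spreads the byte
    distribution and raises entropy relative to the plaintext."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# Constructed samples, in roughly the increasing-entropy order of the list above.
ZEROED = bytes(1024)                     # zeroed section awaiting unpacked data
NOP_SLED = b"\x90" * 1024                # one repeated opcode
TEXT = (b"The quick brown fox jumps over the lazy dog while the analyst "
        b"reviews strings stored in the data section of the sample. ") * 8
XORED = xor_encode(TEXT, b"\x5a\x13\xc7\x88")   # 4-byte repeating key (assumed)
_rng = random.Random(1234)               # seeded so the numbers are reproducible
RANDOM = bytes(_rng.getrandbits(8) for _ in range(1024))  # stands in for ciphertext

# A constructed "file": zero padding, plain text, a 1 KiB encrypted-looking blob, zeros.
SAMPLE_FILE = ZEROED[:512] + TEXT[:512] + RANDOM + ZEROED[:512]

if __name__ == "__main__":
    for name, blob in [("zeroed", ZEROED), ("nop sled", NOP_SLED), ("text", TEXT),
                       ("xor'd text", XORED), ("random", RANDOM)]:
        print(f"{name:10s} {shannon_entropy(blob):.3f} bits/byte")
    print("high-entropy chunks in sample file:", high_entropy_chunks(SAMPLE_FILE))
```

The whole-file value alone can hide a small encrypted blob inside a large plain file, which is why the windowed scan is the more useful check.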

Inception now calculates file entropy on every object which is viewable throughout the platform:

  • Object search result tables
  • Object details panes


January 6th, 2023

Additional columns added to the asset management page

The asset management view offers a consolidated look into all assets that are running the Inception file forwarder. To surface additional data, we've added two new columns:

  • Last seen: timestamp of last recorded activity
  • Registration time: timestamp of when the forwarder was initially installed

January 5th, 2023

Create your own nested environments!

You can now create your own nested environments in self-service fashion, which is useful when logically grouping assets by region, business unit, etc.

📘 Tip: Self-service creation of environments is especially useful for partners who want to leverage multi-tenancy.